(A) study on privacy leakage from unwanted side channel in LTE control plane

Abstract

downlink channel, uplink channel, and implementation of baseband processors in mobile devices. As a result, although the security mechanisms in LTE are designed to preserve the subscriber’s privacy, we argue that a) unwanted side channels do exist in the cellular network due to the unprotected LTE control plane protocol’s lower layers and diversities in the UE implementation, and b) those side channels can be utilized to the privacy threatening attacks. Especially, this dissertation focuses on discussing side-channel attacks using leaked information in unprotected layers in three different domains with practical considerations. First, we investigate the information leakage in the downlink channel in LTE and show that an unprivileged third party can exploit the information leakages in the downlink channel for identifying a video title that a victim is watching. Second, we conduct a security analysis on the uplink channel in LTE. We show that an adversary who has no access to victims’ devices or cell towers can locate the target victim by using the side channel in the design of the uplink channel. Third, we analyze the differences in the baseband implementation. We then present the UE identification attack which infers the name of the device and conduct a large-scale evaluation to show its practicality in the real world. Lastly, we conduct a case study of utilizing the side channels in LTE for defeating the voice phishing eco-system. In summary, we argue that fundamental design flaw combined with its implementation of cellular networks produces serious privacy implications that cannot be fixed without changing the standards. Thus, this work enlightens and enhances the security of the design and implementation of current and future mobile network generations.

Cellular networks have become a dominant means of serving a variety of applications, including, not limited to the call service, but also our professional and private activities. This trend gives rise to the exchanging data through the cellular network, which is private information that people are reluctant to share as it can reveal their political, financial, and personal interests. Accordingly, the design and implementation of the cellular network require high standards for privacy and secrecy. Contrary to this importance, as the cellular network uses an open medium (i.e., air) for the data, it is exposed to a wide range of privacy-threatening attacks. Note that the previous studies have uncovered several privacy-threatening vulnerabilities in the cellular network, spanning from 2G to LTE. However, those vulnerabilities have been still unpatched in the 5G standard design because of the absence of practical privacy-threatening attack scenarios and limited analysis of their practicality and severity.In this dissertation, we conduct a security analysis of the cellular network design and implementation, which may occur when the characteristics of various applications and the cellular network meet. More specifically, we analyze the unwanted side channels in the three domains of LTE networks